1. Field of the Invention
The present invention relates to systems and methods for securely providing media programs and other information to subscribers via a black box Security Provider Programming system, and in particular to a system and method for securely providing data for use by a hardware device of a receiver for conditional access.
2. Description of the Related Art
The provision of information such as media programs to remote consumers is well known in the art. Such provision may be accomplished via terrestrial or satellite broadcast, cable, closed circuit, or Internet transmission to consumer electronics (CE) devices at the consumer's home or office.
A common problem associated with such transmission is assuring that the reception of such information is limited to authorized end-users. This problem can be solved via the use of encryption and decryption operations performed by devices with appropriate security functionality. For example, it is well known to encrypt media programs before transmission to CE devices with electronics and processing that permit the encrypted media programs to be decrypted and presented only to authorized users.
To implement this functionality, the CE products typically include keys, software, and other data. Since such data is of value to unauthorized users as well, CE companies need a way to protect this valuable information.
Typically, this has required the production of CE devices with special integrated circuits (or chips) with security features enabled and information needed to perform the security functions loaded into chip memory. Such chips can include Systems on Chip (SOCs), which comprise the primary Central Processing Unit (CPU) of the CE device (which may also include secondary processors, security processors, custom Application Specific Integrated Circuits (ASICs), etc.) or other chip devices that perform the processing of commands within a CE device.
Conditional Access providers provide content protection schemes to ensure that broadcast content is paid for when viewed by subscribers. Problems arise when the content protection schemes are either compromised or implemented in a manner in which security holes or flaws can be exploited by an attacker. The cost to design, manufacture and distribute these CE devices is extremely high. Significant savings can be achieved if a service provider or broadcaster can re-purpose existing CE devices by replacing the conditional access (CA) system used with CE devices that are in the field (distributed to or in use by customers). As an alternative to switching CA systems, the CE device can be provisioned during manufacture to support separate and cryptographically isolated CA systems. This permits the security provided by one CA vendor to be used in the event that the security provided by another one of the CA vendors co-existing on the chip is compromised.
What is needed is a system and method for providing a security infrastructure that permits the programming of unique security functions in standardized chip designs and enables switching among different and existing CA systems deployed in CE devices. The present invention satisfies that need.